I have recently (22.02.24) converted from iocage to BastilleBSD for jail management, and everything went pretty well, with a single exception. A little background on my setup. I have migrated my jails to a pair of Lenovo M710q mini-servers to run my jails. They are identical, and my intention is to have the ability to bounce jails between them, either all at once, or individually.
So I migrated the jails over from the server running iocage, all 13.2 and thin jails, in to bastille. They came up and worked just fine. However, I have been unable to upgrade from 13.2-RELEASE to 14.0-RELEASE. So I tried converting to thick jails, and upgrading individually. Still did not work, even after clearing the references to opie in /etc/pam.d, and moving /usr/home to /home. So I spun up new 14.0 jails on the other system, and moved the apps and data to them, then decommissioned the 13.2 jails.
Everything thus far has worked fine, except I have one jail, my master DNS jail running BIND9, that in the past week, has started getting a variety of errors, primarily with ssh, both as the 13.2 jail and on 14.0, and regardless of which host it is on. Here are samples from /var/log/messages:
And it seems that the sshd process is constantly starting and restarting, since each broken pipe has a different PID:
I have also seen a couple of points where dma has stack overflowed.
Has anyone seen behavior such as this? The odd parts are that it was nbehaving like this before, but the problem, once it began occurring, persisted (intermittently) across separate jail instances, across jail servers, I have checked the ssh config files, and they seem to be fine.
Thanks,
--vr
So I migrated the jails over from the server running iocage, all 13.2 and thin jails, in to bastille. They came up and worked just fine. However, I have been unable to upgrade from 13.2-RELEASE to 14.0-RELEASE. So I tried converting to thick jails, and upgrading individually. Still did not work, even after clearing the references to opie in /etc/pam.d, and moving /usr/home to /home. So I spun up new 14.0 jails on the other system, and moved the apps and data to them, then decommissioned the 13.2 jails.
Everything thus far has worked fine, except I have one jail, my master DNS jail running BIND9, that in the past week, has started getting a variety of errors, primarily with ssh, both as the 13.2 jail and on 14.0, and regardless of which host it is on. Here are samples from /var/log/messages:
Code:
Mar 8 00:41:24 chekov sshd[49201]: error: Fssh_send_error: write: Broken pipe
Mar 8 02:02:39 chekov sshd[62848]: error: Fssh_kex_exchange_identification: read: Connection reset by peer
Mar 8 02:02:39 chekov sshd[62855]: error: Fssh_kex_exchange_identification: read: Connection reset by peer
Mar 8 02:02:53 chekov sshd[62896]: error: Fssh_kex_exchange_identification: read: Connection reset by peer
Mar 8 02:03:42 chekov sshd[63239]: error: Fssh_kex_exchange_identification: read: Connection reset by peer
Mar 8 02:03:42 chekov sshd[63250]: error: Protocol major versions differ: 2 vs. 9
Mar 8 02:03:43 chekov sshd[63272]: error: Protocol major versions differ: 2 vs. 1
Mar 8 02:03:44 chekov sshd[63293]: error: Protocol major versions differ: 2 vs. 1
Mar 8 02:03:47 chekov sshd[63370]: fatal: userauth_finish: send failure packet: Broken pipe [preauth]
Mar 8 02:03:48 chekov sshd[63372]: fatal: userauth_finish: send failure packet: Broken pipe [preauth]
Mar 8 02:03:48 chekov sshd[63376]: fatal: userauth_finish: send failure packet: Broken pipe [preauth]
Mar 8 02:03:48 chekov sshd[63382]: fatal: input_userauth_info_response: wrong number of replies [preauth]
Mar 8 02:03:50 chekov sshd[63401]: error: Fssh_kex_exchange_identification: read: Connection reset by peer
Mar 8 03:21:25 chekov sshd[83513]: error: Fssh_send_error: write: Broken pipeAnd it seems that the sshd process is constantly starting and restarting, since each broken pipe has a different PID:
Code:
Mar 10 12:12:29 chekov sshd[73115]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:13:29 chekov sshd[73378]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:14:29 chekov sshd[73638]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:15:29 chekov sshd[73957]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:16:29 chekov sshd[74219]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:17:29 chekov sshd[74480]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:18:29 chekov sshd[74744]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:19:29 chekov sshd[75002]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:20:29 chekov sshd[75276]: error: Fssh_send_error: write: Broken pipe
Mar 10 12:21:25 chekov sshd[75539]: error: Fssh_send_error: write: Broken pipeI have also seen a couple of points where dma has stack overflowed.
Code:
Mar 9 03:44:31 chekov dma[bc9c.41eb8c448050][60243]: stack overflow detected; terminated
Mar 10 03:21:37 chekov dma[bd0b.2ad1d4448050][27128]: stack overflow detected; terminatedHas anyone seen behavior such as this? The odd parts are that it was nbehaving like this before, but the problem, once it began occurring, persisted (intermittently) across separate jail instances, across jail servers, I have checked the ssh config files, and they seem to be fine.
Thanks,
--vr